India: Data Theft By Employees: Risks and Precautions

November 5, 2018


The Ponemon Institute’s 2017 Cost of Data Breach Report has shown that Indian firms are at a high risk of data breach, especially the financial services and the technology companies.[1] Moreover, the report highlights the cases of data theft not only by the professional hackers or malwares but by the companies’ “trusted” employees. Though most companies take stringent measures to secure their systems and network against cyber-attacks, they remain casual about protecting important data from their own employees. For example, in a recent case, the Canada Life insurance group alleged a former senior executive for transferring “significant and highly confidential information” to another company.[2] Further, in another incident, SunTrust Banks Inc. reported data theft by an employee who is alleged to have stolen important information of about 1.5 million customers and provided it to a “criminal third party”.[3] Hence, keeping in mind the consequences of such kind of breaches by the employees who are entrusted with company’s trade secrets and sensitive information of the clients, it has become pertinent to adopt or upgrade the policies and measures taken up by a company to enhance data security not only against common cyber threats but also against the insiders.

Combating Data Theft:

It becomes pertinent to analyze an employee’s potential motive behind committing such a theft/ breach. A company may take certain precautionary and mitigating measures to manage data security and prevent its theft. The most essential step in combatting data theft by employees is creation of a thorough and well communicated set of company policies and procedures. These must include priority classification of the data ranging from confidential/sensitive to general, restricted use of the data and proper security access procedures for both new and departing employees.

With respect to data classification, it is necessary that the data of a company, according to the field or area of operation, is well segregated and organized. Such databases should be updated and audited periodically. Restricting access to such data by setting passwords to the layers of data as per its importance and selectively giving privilege of formatting and editing certainly helps in maintaining proper records of employees and the data accessible by them. Further, the following steps may be helpful to strengthen the data security system:

  • Installation of anti-download and anti-copying software and restricting access to printers rendering the creation of copies of data difficult.
  • Crucial and sensitive data of the company should always be stored in encrypted form which ensures security of the data even if the entire computer hardware is stolen.
  • Removing the employees from the administrator group on their computer further prevents them from installing any software or hardware and hence protects stored data against any kind of tampering.
  • A centralized logging device to provide a single view of company’s log files throughout the organization provide for critical information to detect any infiltration by hostile entities.
  • A non-disclosure agreement to protect confidential information and trade secrets with high penalties in case of breach acts as a good deterrent.
  • Upon termination, all electronic devices that were accessible to the employee must be secured and the access, authorization and/or usernames must be immediately changed.[4]

Employees’ and Staff training:

The most important aspect, however, is to train the employees and the staff to be careful and report any such instances immediately to the authorities. The employees should have regular awareness programs that reiterate the importance of complying with the policies, their importance and penalty in situations of non- compliance. For example, the employees should be advised to lock their desktops before leaving their desks even for short period of time as it may expose data to unauthorized access. Though these steps would certainly reduce the risk of data theft by employees, however a company or business should be prepared to mitigate the consequences in situation of a potential data breach anyway. If data theft has already been committed or there is a doubt of its commission, the apprehended consequences can be averted or abated by carefully preserving the digital evidences. Such digital evidences left after commission of data theft play an instrumental role in investigation and tracing down the offender.

Post Data Theft:

Careful handling of the situation involving data theft may assist the computer forensic experts in retrieving important information like recently attached storage media, recently accessed files and documents, recent internet activity, etc. which hold high evidentiary value in establishing a causal chain. In case the suspected employee’s computer is not switched off, the computer should be immediately quarantined. This step is essential as substantial information can be extracted from the computer’s Random Access Memory which may be lost or over-written by any further activity on the computer. On the other hand, if the computer has already been turned off, it should still be placed securely to prevent any tampering with the evidences. Every company is advised to have a separate IT department to handle contingencies and support the staff with technical help in such situations.

[1] Available at

[2]Available at

[3]Available at

[4]Available at

For more information please contact us at :